Hello everyone ... a question, a comment ...
I'm running server version 5.5 & have been trying to find holes in my security using free third party scan sites such as
www.edgeos.com and
www.securityspace.com ... one thing in particular that's come up is the possibility of a CGI Abuse hole; Quote:
"
CGI abuses: http TRACE XSS attack
Description
http (80/tcp)
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See
http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor: Medium
"
So the questions are: Has anyone else come across this? Should I trust this analysis and make the change recommended? Is that going to screw up my system?
Thanks for any advice, ... newbielicious.
E.
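Added example (not part of E.'s post or the scanner's output): a small Python probe that shows what the report is warning about and gives a way to check the fix. The two handler classes are constructed stand-ins, one that still honours TRACE/TRACK and echoes the request back (the reflection XST relies on), one that refuses them with 403 the way the suggested RewriteRule's [F] flag would. The cookie value, the hypothetical "session" cookie name, and the localhost ports are all made up for the demo; point check_server() at your own host and port to test the real thing before and after the config change.

```python
"""Probe a web server for the TRACE / TRACK echo behaviour described in the scan report.

Added example, not code from the original post or the scanner. The handler
classes below are constructed stand-ins so the probe can be run offline.
"""
import http.client
import http.server
import threading

CANARY = "session=not-a-real-secret"  # constructed cookie value to look for in the echo


class TraceEchoHandler(http.server.BaseHTTPRequestHandler):
    """Constructed server that still honours TRACE/TRACK: it echoes the request
    line and headers, cookie included, straight back to the caller."""

    def do_TRACE(self):
        body = self.requestline.encode() + b"\r\n" + str(self.headers).encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    do_TRACK = do_TRACE  # TRACK is the IIS-side alias the report also names

    def log_message(self, *args):  # keep the demo quiet
        pass


class TraceDeniedHandler(TraceEchoHandler):
    """Constructed server with both methods refused, as the rewrite rule's [F] flag
    would do on Apache (403 Forbidden, empty body, nothing echoed)."""

    def do_TRACE(self):
        self.send_response(403)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_TRACK = do_TRACE


def start_server(handler):
    """Bind a handler to an ephemeral localhost port and serve it on a daemon thread."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe_method(host, port, method, cookie=CANARY):
    """Send one TRACE or TRACK request carrying a cookie.

    Returns (status, reflected). reflected is True when the cookie value came
    back in the response body, i.e. the server echoes requests and a page that
    can read the response could read the cookie too."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, "/", headers={"Cookie": cookie})
        resp = conn.getresponse()
        body = resp.read()
    finally:
        conn.close()
    return resp.status, cookie.encode() in body


def check_server(host, port):
    """Probe both methods; returns {method: (status, reflected)}."""
    return {m: probe_method(host, port, m) for m in ("TRACE", "TRACK")}


def echoes_requests(results):
    """True if either method reflected the cookie: the finding still applies."""
    return any(reflected for _, reflected in results.values())


if __name__ == "__main__":
    for name, handler in (("echoing", TraceEchoHandler), ("denying", TraceDeniedHandler)):
        srv = start_server(handler)
        res = check_server(*srv.server_address)
        print(name, res, "XST-exposed" if echoes_requests(res) else "ok")
        srv.shutdown()
        srv.server_close()
```

Run as-is it prints one "XST-exposed" line for the echoing stand-in and one "ok" line for the denying one. Against a real server, any status other than 200 with no cookie in the body is what you want to see after the change; the rewrite rule only affects those two methods, so normal GET/POST traffic is untouched. Note that the rule depends on mod_rewrite being loaded; on Apache builds that have it, the TraceEnable directive (not mentioned in the scan output) turns the method off without a rewrite rule.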